我已经创建了自己的OAuth2授权服务器，它的配置如下。配置类:
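@Configuration
@EnableWebSecurity
@EnableOAuth2Client
public class WebMvcConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Primary {@link DataSource}, bound from the {@code spring.datasource.*} properties.
     *
     * @return a data source built by {@link DataSourceBuilder}; URL, driver and credentials are
     *     populated onto it by {@code @ConfigurationProperties}, not set here
     */
    @Primary
    @Bean(name = "dataSource")
    @ConfigurationProperties(prefix = "spring.datasource")
    public DataSource dataSource() {
        return DataSourceBuilder.create().build();
    }

    /**
     * Registers the database-backed provider as the authentication provider.
     *
     * <p>Calling the {@code @Bean} method directly is fine under {@code @Configuration}
     * proxying: the same singleton is used here and wherever the bean is injected.
     *
     * @param authManagerBuilder builder for the application's {@code AuthenticationManager}
     * @throws Exception propagated from the builder
     */
    @Override
    public void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
        authManagerBuilder.authenticationProvider(dbAuthenticationProvider());
    }

    /**
     * HTTP rules: {@code /login} is open, every other request needs an authenticated session,
     * and the form-login endpoints are reachable without authentication.
     *
     * @param http the security builder for this filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().permitAll();
    }

    /**
     * Authentication provider that validates username/password tokens against
     * {@link AuthUserRepository}.
     *
     * <p>The returned object is itself a Spring bean, so the {@code @Autowired} field inside the
     * anonymous class is injected like on any other bean.
     *
     * @return a provider for {@link UsernamePasswordAuthenticationToken} and its subclasses
     */
    @Bean
    public AuthenticationProvider dbAuthenticationProvider() {
        return new AuthenticationProvider() {
            @Autowired
            private AuthUserRepository userRepo;

            /**
             * Per the {@link AuthenticationProvider} contract the argument is the concrete token
             * class that needs handling, so the question is "is it a
             * UsernamePasswordAuthenticationToken or a subclass". Checking the other direction
             * ({@code authentication.isAssignableFrom(UsernamePasswordAuthenticationToken.class)})
             * is reversed: it rejects subclasses that the cast in {@link #authenticate} would
             * happily accept, and accepts supertypes that the cast would not.
             *
             * @param authentication class of the token the manager wants authenticated
             * @return {@code true} when {@link #authenticate} can safely cast it
             */
            @Override
            public boolean supports(Class<?> authentication) {
                return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
            }

            /**
             * Looks the user up by name and password digest.
             *
             * @param authentication the token built by form login (or the OAuth2 password grant);
             *     {@link #supports} guarantees it is a UsernamePasswordAuthenticationToken
             * @return an authenticated token carrying the user's authorities, with the
             *     {@link MyUserDetails} attached as details; {@code null} when principal or
             *     credentials are missing or no matching row exists. Under the provider contract
             *     {@code null} means "cannot decide", so a wrong password surfaces to the caller as
             *     "no provider could authenticate" rather than as bad credentials — a
             *     {@code BadCredentialsException} would be the more accurate signal once that
             *     type is imported.
             * @throws AuthenticationException declared by the interface; not thrown here
             */
            @Override
            public Authentication authenticate(Authentication authentication)
                    throws AuthenticationException {
                UsernamePasswordAuthenticationToken up =
                        (UsernamePasswordAuthenticationToken) authentication;
                if (up == null || up.getPrincipal() == null || up.getCredentials() == null) {
                    return null;
                }
                // NOTE(review): matching by repository query on userRepo.encryptPassword(...) only
                // works when the digest is deterministic for a given password, i.e. unsalted —
                // confirm what encryptPassword does; a PasswordEncoder.matches() against the
                // stored hash is the usual shape for password verification.
                String username = up.getPrincipal().toString();
                String passwordDigest = userRepo.encryptPassword(up.getCredentials().toString());
                AuthUser user = userRepo.findByUsernameAndPassword(username, passwordDigest);
                if (user == null) {
                    return null;
                }
                MyUserDetails userDetails = new MyUserDetails(user);
                // The three-argument constructor marks the token as authenticated; the authorities
                // passed here are what downstream code sees as the user's roles. The raw
                // credentials are kept on the token; ProviderManager normally erases them after
                // a successful authentication.
                UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
                        up.getPrincipal(), up.getCredentials(), userDetails.getAuthorities());
                auth.setDetails(userDetails);
                return auth;
            }
        };
    }
}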
主类:
@SpringBootApplication
@EnableDiscoveryClient
@EnableAuthorizationServer
@EnableResourceServer
@RestController
public class AuthServerApplication {

    /**
     * Echoes the current principal back to the caller.
     *
     * <p>NOTE(review): {@link Principal} only guarantees {@code getName()}; whether a downstream
     * client can read authorities/roles from this response depends on how the concrete principal
     * object is serialized — confirm what the response body actually contains.
     *
     * @param principal the current user, injected by Spring MVC
     * @return the same principal, serialized as the response body
     */
    @RequestMapping("/user")
    Principal getUser(final Principal principal) {
        return principal;
    }

    /**
     * Boots the Spring application context.
     *
     * @param args command-line arguments handed to Spring Boot
     */
    public static void main(final String[] args) {
        SpringApplication.run(AuthServerApplication.class, args);
    }
}
应用程序属性:
# HTTP port and the name this service registers under.
server.port= 8999
spring.application.name= auth-server
# JPA/Hibernate: MySQL dialect; the schema is managed outside the application (ddl-auto=none).
spring.jpa.database-platform=org.hibernate.dialect.MySQL5Dialect
spring.jpa.database= MYSQL
spring.jpa.hibernate.ddl-auto= none
#spring.jpa.properties.hibernate.implicit_naming_strategy= org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
# Bound onto the @ConfigurationProperties("spring.datasource") DataSource bean.
# useSSL=false sends database credentials and data in the clear — acceptable only for a local instance.
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.jdbc-url= jdbc:mysql://localhost:3306/authDB?useUnicode=true&createDatabaseIfNotExist=true&useSSL=false
# Hard-coded database credentials; outside local development these belong in an environment variable or secret store.
spring.datasource.username= root
spring.datasource.password= root
spring.datasource.dbcp2.max-idle= 10000
spring.devtools.livereload.enabled=true
# TRACE on the security package can write request details and tokens to the log; keep it to local debugging.
logging.level.org.springframework.security= TRACE
# Boot's basic-auth default user; the password is hard-coded like the database one above.
security.basic.enabled= false
security.user.name= root
security.user.password= password
# OAuth2 client registration for this server. The secret appears to be a placeholder and should be externalized.
security.oauth2.client.client-id= acem
security.oauth2.client.client-secret= secret
# password and client_credentials grants are enabled alongside the authorization-code and refresh flows.
security.oauth2.client.authorized-grant-types=password,client_credentials,authorization_code,refresh_token
security.oauth2.client.scope=read,write
# Order of the resource-server filter chain; presumably chosen to sit behind the WebSecurityConfigurerAdapter chain — confirm.
security.oauth2.resource.filter-order=3
# Access tokens expire after 500 seconds.
security.oauth2.client.access-token-validity-seconds=500
现在，我正在用这个服务为来自其他应用程序的用户授权。我能够正确获取身份验证令牌(access_token)，唯一的问题是我拿不到授权信息：我始终是匿名角色。我希望拿到已认证的用户及其权限和角色。我需要在客户端做哪些实现？